<?php
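/*
 * Admin password change handler.
 *
 * Reads the current password, the new password and its confirmation from the
 * POST body, checks the current password against the `sysadmin` row of the
 * logged-in administrator, and stores the new hash in `sysadmin2`.
 *
 * SECURITY (review):
 *  - Passwords are stored as unsalted MD5, which is fast to brute-force if the
 *    table leaks. Moving to password_hash()/password_verify() must be done
 *    together with the login code, which is not visible here, so the format
 *    is left unchanged in this file.
 *  - No anti-CSRF token is checked in this file. Requiring the old password
 *    limits the impact; confirm whether global.php or adminislogin() adds
 *    further request validation.
 *  - get_magic_quotes_gpc() and the mysql_* functions only exist on legacy
 *    PHP versions. This file cannot move off them on its own because the $db
 *    wrapper is defined elsewhere.
 */
include("../../inc/global.php");
// Access check from the shared include (defined outside this file);
// presumably rejects visitors without an admin session.
adminislogin();

// Error pages send the browser back to the Referer. That header is supplied
// by the client and may be absent; null is what an unset index evaluated to
// before. NOTE(review): confirm YKT_error() encodes/validates this URL.
$back = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;

$oldpass  = isset($_POST["oldpass"])  ? $_POST["oldpass"]  : null;
$newpass  = isset($_POST["newpass"])  ? $_POST["newpass"]  : null;
$newpass1 = isset($_POST["newpass1"]) ? $_POST["newpass1"] : null;

// Reject missing fields, array-valued fields (e.g. newpass[]=x, which would
// make md5() return NULL and store an empty hash), an empty new password, and
// anything the project's issql() filter refuses.
// Message: "Illegal modification!!"
if(!is_string($oldpass)||!is_string($newpass)||!is_string($newpass1)
	||$newpass===''
	||!issql($oldpass)||!issql($newpass)||!issql($newpass1))
{
	YKT_error('非法的修改！！',$back);
	// YKT_error() is defined outside this file; stop explicitly so a rejected
	// request can never fall through to the UPDATE even if that helper returns.
	exit;
}

// NOTE(review): the text that gets hashed depends on server configuration:
// with magic quotes on, the raw password is hashed; with them off, the
// SQL-escaped form is hashed. The MD5 hex digest never needs SQL escaping, so
// the escape only alters the hash of passwords containing quotes/backslashes.
// Kept as-is because the login code must hash the same way; align both
// together.
if(get_magic_quotes_gpc())
{
	$oldpass = stripslashes($oldpass);
	$newpass = stripslashes($newpass);
	$newpass1 = stripslashes($newpass1);
}else{
	$oldpass = mysql_real_escape_string($oldpass);
	$newpass = mysql_real_escape_string($newpass);
	$newpass1 = mysql_real_escape_string($newpass1);
}
$oldpass=md5($oldpass);
$newpass=md5($newpass);
$newpass1=md5($newpass1);

// Strict comparison: with `!=`, two different digests that both look like
// "0e<digits>" are compared as numbers (0 == 0) and would count as a match.
// Message: "The two passwords do not match!!"
if($newpass!==$newpass1)
{
	YKT_error('两次次密码不一致！！',$back);
	exit;
}

// The admin id comes from the session and is interpolated unquoted.
// NOTE(review): if sysadmin0 is an integer key, cast it or bind it as a
// parameter once the $db wrapper supports that.
// Message: "Old password is incorrect!!"
$count=$db->getcount("select * from sysadmin Where sysadmin2='{$oldpass}' and sysadmin0={$_SESSION[ADMINSESSION][0]}");
if($count<1)
{
	YKT_error('旧密码不正确！！',$back);
	exit;
}

$db->execute("update sysadmin set sysadmin2='{$newpass}' where sysadmin0={$_SESSION[ADMINSESSION][0]}");

// The original tested the bare word `mysql_error` (an undefined constant that
// evaluates to a non-empty string), so success was reported even when the
// UPDATE failed. Call the function and treat an empty error string as success.
// Assumes $db runs on the default ext/mysql link, as the un-linked
// mysql_real_escape_string() calls above already do.
if(mysql_error()==='')
{
	// Message: "Password changed, please log in again!!" — sends the top
	// frame to the logout action so the old session is not reused.
	YKT_error('密码修改成功！,请重新登陆！！',$wwwroot."/".ADMINROOT.'/login.php?act=outlogin','top');
}
else
{
	// Message: "Password change failed!!"
	YKT_error('密码修改失败！！',$back);
}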
?>